Re: nuke cygwin legacy?

2013-02-08 Thread Peter A. Castro

On Tue, 5 Feb 2013, Christopher Faylor wrote:


Date: Tue, 5 Feb 2013 12:41:36 -0500
Subject: nuke cygwin legacy?


Greetings, All,


Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
support so I'm wondering if anyone has any objections to removing
1.5 from cygwin.com.

I was going to suggest this a few months ago and mention that the Cygwin
Time Machine was an alternative but it looks like that service is no
longer available.


That is incorrect.  The Cygwin Time Machine is still up and actively 
collecting updates.  I have been having internet connectivity issues as of 
late, but those (hopefully) should have (mostly) been resolved.

If you can't get to the Time Machine, wait a few minutes and try again.


So, as an alternative, we could advertise that the directory is going
away on the main web page for a month before nuking it.

cgf


--
--= Peter A. Castro
Email: doctor at fruitbat dot org / Peter dot Castro at oracle dot com
Cats are just autistic Dogs -- Dr. Tony Attwood


Re: nuke cygwin legacy?

2013-02-08 Thread Christopher Faylor
On Fri, Feb 08, 2013 at 06:48:12PM -0800, Peter A. Castro wrote:
On Tue, 5 Feb 2013, Christopher Faylor wrote:

 Date: Tue, 5 Feb 2013 12:41:36 -0500
 Subject: nuke cygwin legacy?

Greetings, All,

 Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
 support so I'm wondering if anyone has any objections to removing
 1.5 from cygwin.com.
 
 I was going to suggest this a few months ago and mention that the Cygwin
 Time Machine was an alternative but it looks like that service is no
 longer available.

That is incorrect.  The Cygwin Time Machine is still up and actively 
collecting updates.  I have been having internet connectivity issues as of 
late, but those (hopefully) should have (mostly) been resolved.
If you can't get to the Time Machine, wait a few minutes and try again.

Thanks for the update.  I'd tried a few times in the last month and was
never able to get through.  It works now though, as you say.

cgf


Re: nuke cygwin legacy?

2013-02-08 Thread Christopher Faylor
On Sat, Feb 09, 2013 at 12:00:46AM -0500, Christopher Faylor wrote:
On Fri, Feb 08, 2013 at 06:48:12PM -0800, Peter A. Castro wrote:
On Tue, 5 Feb 2013, Christopher Faylor wrote:

 Date: Tue, 5 Feb 2013 12:41:36 -0500
 Subject: nuke cygwin legacy?

Greetings, All,

 Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
 support so I'm wondering if anyone has any objections to removing
 1.5 from cygwin.com.
 
 I was going to suggest this a few months ago and mention that the Cygwin
 Time Machine was an alternative but it looks like that service is no
 longer available.

That is incorrect.  The Cygwin Time Machine is still up and actively 
collecting updates.  I have been having internet connectivity issues as of 
late, but those (hopefully) should have (mostly) been resolved.
If you can't get to the Time Machine, wait a few minutes and try again.

Thanks for the update.  I'd tried a few times in the last month and was
never able to get through.  It works now though, as you say.

Btw, if you want to send out an announcement about The Cygwin Time
Machine to cygwin-announce, that would be fine with me.

cgf


Re: nuke cygwin legacy?

2013-02-06 Thread Andrew Schulman
 On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
  It doesn't matter that it is not secure.
 
 Yes, it does.  IMHO it is irresponsible on our part to distribute
 unmaintained or knowingly vulnerable software, and it reflects badly on
 the Cygwin project.

I disagree.  The reason to offer it is that it can still provide a lot of
value on machines running those obsolete OSes.  I don't think that reflects
badly on the project, quite the opposite.  If, G** forbid, I ever had to
work for some reason on an old machine running Win98 or ME, the very first
thing I'd do would be to install Cygwin 1.5 on it, and be grateful that I
still could.

I think it's reasonable to offer 1.5 with a warning that it's provided as
is, unmaintained and unsupported, only for systems still running the
obsolete Win9x series.

Let's remember that the Win9x series is itself unmaintained, unsupported,
and without security updates.  Anyone still running it ought to know that
by now, and running Cygwin 1.5 wouldn't appreciably change it.

Finally, even when those OSes were new, they had negligible security built
into them.

Andrew


Re: nuke cygwin legacy?

2013-02-06 Thread David Stacey

On 05/02/2013 17:41, Christopher Faylor wrote:

So, as an alternative, we could advertise that the directory is going
away on the main web page for a month before nuking it.


Cygwin Legacy has been missing from most mirrors today.
Has someone pressed the big red button already?

Dave.




Re: nuke cygwin legacy?

2013-02-06 Thread Achim Gratz
Yaakov (Cygwin/X) writes:
 On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
 It doesn't matter that it is not secure.

 Yes, it does.  IMHO it is irresponsible on our part to distribute
 unmaintained or knowingly vulnerable software, and it reflects badly on
 the Cygwin project.

Well, the target OS has been unmaintained for much longer and even
worse, you can't even download the service packs and patches for it
anymore.  I hope I will never have to re-install my Win98SE
laptop... but I need to keep it around, for two reasons: I have a
scanner that never got drivers for any later version than WinME and
unfortunately has buggy firmware that the Linux community hasn't yet
(and probably never will) work around, so it would otherwise be a sad
case of electronic waste.  The other reason is that I did manage to
install an almost up-to-date version of .Net onto it and this means I
can use it as a very nice logic analyzer (it has a touch screen) by
connecting a small box to USB so it actually does something useful
without ever getting connected to the net.

We actually have a bunch of PCs at our lab at work still running Win98 or
WinNT for very much the same reason: expensive hardware that never got
their drivers updated (manufacturer gone belly-up or getting rid of that
particular product line or asking us to buy new hardware with new
drivers that actually doesn't do what the old one did).  These aren't
connected to the net as well, so there's no worry about their security,
especially as you can't go into the lab without an access token anyway.


Regards,
Achim.
-- 
+[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]+

SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada


Re: nuke cygwin legacy?

2013-02-06 Thread Thomas Wolff

On 06.02.2013 03:21, Yaakov (Cygwin/X) wrote:

On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:

It doesn't matter that it is not secure.

Yes, it does.  IMHO it is irresponsible on our part to distribute
unmaintained or knowingly vulnerable software, and it reflects badly on
the Cygwin project.


Yaakov

Just a proposal (without advocating further) to avoid the problem of 
providing insecure software for current systems:
What about modifying setup.exe so that 1.5 can be installed *only* on 
legacy systems?

--
Thomas


Re: nuke cygwin legacy?

2013-02-06 Thread Christopher Faylor
On Wed, Feb 06, 2013 at 09:04:59PM +0100, Thomas Wolff wrote:
On 06.02.2013 03:21, Yaakov (Cygwin/X) wrote:
 On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
 It doesn't matter that it is not secure.
 Yes, it does.  IMHO it is irresponsible on our part to distribute
 unmaintained or knowingly vulnerable software, and it reflects badly on
 the Cygwin project.


 Yaakov
Just a proposal (without advocating further) to avoid the problem of 
providing insecure software for current systems:
What about modifying setup.exe so that 1.5 can be installed *only* on 
legacy systems?

I think the bike shed should be green.

The whole point of this discussion was that we didn't want to support
legacy in setup.exe anymore.  So far there have been two suggestions
that we should modify setup.exe to accommodate legacy.  That's not
really helpful.

I'm sorry that I put this to a vote.  cygwin-legacy has been removed
from the release area but not from the web page.

So, we'll see if someone contacts the cygwin mailing list with a valid,
non-speculative concern.  Given that there were only 14 attempts to
download last year, I doubt that there will be a huge outcry.

cgf


Re: nuke cygwin legacy?

2013-02-06 Thread Christopher Faylor
On Wed, Feb 06, 2013 at 08:36:12PM +0100, Achim Gratz wrote:
Yaakov (Cygwin/X) writes:
 On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
 It doesn't matter that it is not secure.

 Yes, it does.  IMHO it is irresponsible on our part to distribute
 unmaintained or knowingly vulnerable software, and it reflects badly on
 the Cygwin project.

Well, the target OS has been unmaintained for much longer

...and isn't available for installation from the company which issued
it.  That hardly proves your point.

and even worse, you can't even download the service packs and patches
for it anymore.

I'm sure you know that Yaakov and I both understand the state of older
versions of Windows and don't need to have this explained.

I hope I will never have to re-install my Win98SE laptop...

If this is a concern then you should be making backups, not relying on
web sites to keep the software around in perpetuity.

but I need to keep it around, for two reasons: I have a scanner that
never got drivers for any later version than WinME and unfortunately
has buggy firmware that the Linux community hasn't yet (and probably
never will) work around, so it would otherwise be a sad case of
electronic waste.  The other reason is that I did manage to install an
almost up-to-date version of .Net onto it and this means I can use it
as a very nice logic analyzer (it has a touch screen) by connecting a
small box to USB so it actually does something useful without ever
getting connected to the net.

We actually have a bunch of PCs at our lab at work still running Win98
or WinNT for very much the same reason: expensive hardware that never
got their drivers updated (manufacturer gone belly-up or getting rid of
that particular product line or asking us to buy new hardware with new
drivers that actually doesn't do what the old one did).  These aren't
connected to the net as well, so there's no worry about their security,
especially as you can't go into the lab without an access token anyway.

None of the above is a justification for keeping an outdated version of
Cygwin sitting around.  If the machines were connected to the network
and needed to periodically download the legacy software that would be a
mild argument in favor of keeping legacy around.  But, you specifically
say that this isn't the case.  Your laptop presumably already has Cygwin
installed and you are likely not regularly installing new packages on it
since you are apparently only using it for limited purposes.

Anyway, I'm sorry I put this to a vote.  I've nuked the legacy code from
the release area.  I haven't removed the link from the web site so we'll
see if someone complains to the cygwin mailing list.  As I mentioned,
there were 14 attempts to download the legacy code last year.  That is
not a strong justification for keeping it around.

Lots of OS distributions retire old versions.  We don't have to be an
exception.

cgf


Re: nuke cygwin legacy?

2013-02-06 Thread David Stacey

On 07/02/13 05:17, Christopher Faylor wrote:

Anyway, I'm sorry I put this to a vote.  I've nuked the legacy code from
the release area.  I haven't removed the link from the web site so we'll
see if someone complains to the cygwin mailing list.  As I mentioned,
there were 14 attempts to download the legacy code last year.  That is
not a strong justification for keeping it around.

Cygwin Legacy was downloaded only yesterday - I know, because I did it. 
I have a client who insists on Cygwin 1.5. I have explained the risks 
associated with this (and the benefits to be had by upgrading), but they 
have their reasons and ultimately it's their decision.


Thankfully, I managed to find a site that was a little tardy in its 
mirroring, and I now have Cygwin Legacy squirrelled away on a DVD, 
should I ever need it again.



Lots of OS distributions retire old versions.  We don't have to be an
exception.

Indeed, but it *is* common for software providers to give some form of 
notice first...


Dave.



nuke cygwin legacy?

2013-02-05 Thread Christopher Faylor
Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
support so I'm wondering if anyone has any objections to removing
1.5 from cygwin.com.

I was going to suggest this a few months ago and mention that the Cygwin
Time Machine was an alternative but it looks like that service is no
longer available.

So, as an alternative, we could advertise that the directory is going
away on the main web page for a month before nuking it.

cgf


Re: nuke cygwin legacy?

2013-02-05 Thread Thomas Wolff

On 05.02.2013 18:41, Christopher Faylor wrote:

Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
support so I'm wondering if anyone has any objections to removing
1.5 from cygwin.com.

I was going to suggest this a few months ago and mention that the Cygwin
Time Machine was an alternative but it looks like that service is no
longer available.

So, as an alternative, we could advertise that the directory is going
away on the main web page for a month before nuking it.

cgf

I had thought that support had stopped anyway, just keeping the files 
available.
I used to run an old laptop with Windows ME until recently and maybe 
there's an ME or Windows 2000 surviving in some virtual machine...
For owners of old hardware, there are also some Linux installations still 
available that fit into something like 20MB, so why not keep cygwin for 
download?

Thomas


Re: nuke cygwin legacy?

2013-02-05 Thread Warren Young

On 2/5/2013 10:41, Christopher Faylor wrote:

Corinna +1'ed my suggestion that it was time to remove cygwin 1.5
support so I'm wondering if anyone has any objections to removing
1.5 from cygwin.com.


It seems to me that the sort of person who's still hanging onto a 
DOS-based version of Windows probably won't be watching this list, or to 
the cygwin.com home page.


I propose making the deprecation a two-stage affair:

1. Move Cygwin 1.5 somewhere else, so that it doesn't get included in 
mirrors.


2. Point everything referring to the old mirror system at the new 
location, presumably a different subtree on sourceware.org.  Then you 
can rely on the FTP/HTTP logs to determine how often people actually 
install these packages.


There's a core assumption here, which is that download volumes have 
dropped enough that going back to a single download server is sane.  If 
it turns out that download volume is unexpectedly high, though, well, 
that's answer enough, isn't it?


Re: nuke cygwin legacy?

2013-02-05 Thread Cygwin/X
On Tue, 5 Feb 2013 13:00:43 -0500, Christopher Faylor wrote:
 Because it is taking space on the web site and on sourceware.org and
 there is no good reason for it to be offered anymore.  If there are
 virtual machines running ME then, if they haven't installed Cygwin 1.5
 by now, there is no reason to assume that they will need it.
 
 Additionally, except for setup.exe, there have been no bug fixes or
 security fixes in 1.5 so we're offering buggy, insecure software on our
 site.

Which, in and of itself, is reason to drop it.  FWIW, I deleted legacy
files from Ports a few months ago without complaint. 


Yaakov


Re: nuke cygwin legacy?

2013-02-05 Thread Christopher Faylor
On Tue, Feb 05, 2013 at 07:57:58PM -0600, Yaakov wrote:
On Tue, 5 Feb 2013 13:00:43 -0500, Christopher Faylor wrote:
 Because it is taking space on the web site and on sourceware.org and
 there is no good reason for it to be offered anymore.  If there are
 virtual machines running ME then, if they haven't installed Cygwin 1.5
 by now, there is no reason to assume that they will need it.
 
 Additionally, except for setup.exe, there have been no bug fixes or
 security fixes in 1.5 so we're offering buggy, insecure software on our
 site.

Which, in and of itself, is reason to drop it.  FWIW, I deleted legacy
files from Ports a few months ago without complaint. 

Also, FWIW, it looks like setup-legacy was downloaded 14 times in the
last year.  I think that's a pretty good indication that it isn't
very popular.

cgf


Re: nuke cygwin legacy?

2013-02-05 Thread Cygwin/X
On Tue, 05 Feb 2013 20:56:42 +0100, Erwin Waterlander wrote:
 It doesn't matter that it is not secure.

Yes, it does.  IMHO it is irresponsible on our part to distribute
unmaintained or knowingly vulnerable software, and it reflects badly on
the Cygwin project.


Yaakov